23313908 problem in UTILITY/P7ZIP
authorDanek Duvall <danek.duvall@oracle.com>
Tue, 31 May 2016 11:22:47 -0700
changeset 6131 10e69396d753
parent 6130 9a454a2f1c35
child 6132 7fb35b7d3c4d
23313908 problem in UTILITY/P7ZIP 23313942 problem in UTILITY/P7ZIP
components/p7zip/patches/CVE-2016-2334.patch
components/p7zip/patches/CVE-2016-2335.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/p7zip/patches/CVE-2016-2334.patch	Tue May 31 11:22:47 2016 -0700
@@ -0,0 +1,30 @@
+This patch was pulled from the p7zip forums at:
+
+https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/1dba/attachment/CVE-2016-2334.patch
+
+This should be part of p7zip 16, once it ships.
+
+Index: p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp
+===================================================================
+--- p7zip_15.14.1.orig/CPP/7zip/Archive/HfsHandler.cpp
++++ p7zip_15.14.1/CPP/7zip/Archive/HfsHandler.cpp
[email protected]@ -987,7 +987,9 @@ HRESULT CDatabase::LoadCatalog(const CFo
+       item.GroupID = Get32(r + 0x24);
+       item.AdminFlags = r[0x28];
+       item.OwnerFlags = r[0x29];
++      */
+       item.FileMode = Get16(r + 0x2A);
++      /*
+       item.special.iNodeNum = Get16(r + 0x2C); // or .linkCount
+       item.FileType = Get32(r + 0x30);
+       item.FileCreator = Get32(r + 0x34);
[email protected]@ -1572,6 +1574,9 @@ HRESULT CHandler::ExtractZlibFile(
+ 
+     UInt32 size = GetUi32(tableBuf + i * 8 + 4);
+ 
++    if (size > buf.Size() || size > kCompressionBlockSize + 1)
++        return S_FALSE;
++
+     RINOK(ReadStream_FALSE(inStream, buf, size));
+ 
+     if ((buf[0] & 0xF) == 0xF)
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/p7zip/patches/CVE-2016-2335.patch	Tue May 31 11:22:47 2016 -0700
@@ -0,0 +1,23 @@
+This patch was pulled from the p7zip forums at:
+
+https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/1dba/attachment/CVE-2016-2335.patch
+
+This should be part of p7zip 16, once it ships.
+
+Index: p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp
+===================================================================
+--- p7zip_15.14.1.orig/CPP/7zip/Archive/Udf/UdfIn.cpp
++++ p7zip_15.14.1/CPP/7zip/Archive/Udf/UdfIn.cpp
[email protected]@ -389,7 +389,11 @@ HRESULT CInArchive::ReadFileItem(int vol
+     return S_FALSE;
+   CFile &file = Files.Back();
+   const CLogVol &vol = LogVols[volIndex];
+-  CPartition &partition = Partitions[vol.PartitionMaps[lad.Location.PartitionRef].PartitionIndex];
++  unsigned partitionRef = lad.Location.PartitionRef;
++
++  if (partitionRef >= vol.PartitionMaps.Size())
++  	return S_FALSE;
++  CPartition &partition = Partitions[vol.PartitionMaps[partitionRef].PartitionIndex];
+ 
+   UInt32 key = lad.Location.Pos;
+   UInt32 value;